Archive

During Summer we always try to spend our free time in a more profitable manner, for instance reading gossip chronicles.

From this point of view, July 2012 has not been a particularly lucky month for Carly Rae Jepsen. On July the 7th, her website has been the target of a DDoS attack by a member of the infamous collective @TheWikiBoat. During the second half of July, she has joined the (not so) exclusive club of celebrities who had compromising pictures and video stolen from their computers and mobile devices. This is not an isolated episode since celebrities have shown an insane predilection to make (possibly) XXX photos and store them with few or no precautions at all. With the consequence that it is not so uncommon that the private material gets stolen with the purpose to blackmail the victims or simply to sell it.

Unfortunately the experience has shown that, almost always, both ideas end up in a miserable failure and the photos get usually leaked, causing fans to run to their search engines in the hunt for the private snaps.

Honestly speaking, I do not understand how it feels to take photos of oneself in compromising positions (but I am not a celebrity, at least so far). For sure, if I were a celebrity I would be aware of my level of exposition and its consequent capability to attract the unwelcome attentions of stalkers (and addicted hackers). That level of exposition, alone, justifies the need to pay more attention for private material, most of all if it contains XXX shots. But maybe celebrities have not time for complex passwords…

To let you understand how often these events occur, I browsed the chronicles of the last years compiling the following gallery. Even if most of the leaks came from the so-called hacker ring targeting more than 50 celebrities, you will find many surprising (sometimes recurring) victims, before coming to the disappointing conclusion that “the leopard does not change his spots”.

Or better “The Unbearable Lightness of (Human) Beings and APTs”. Immediately after my post on Cyber Weapons, I was pointed out that APTs are not Cyber Weapons. On a more general perspective, APTs are not things but (groups of) human beings who have the capability and the intent to target specific entries with multi-factor attacks. Said in few words an APT is not a “what” but is a “who”. On the other hand, how many could afford to hire (and pay) a double agent capable of implanting a malware inside a nuclear complex through an infected USB thumb?

An Oxford dictionary for Information Security has not already been published, hence this term is commonly used to refer to cyber threats or long-term sophisticated hacking attacks. The latter is the interpretation closer to what I meant in compiling the chart.

A couple of days ago I held a presentation at the Cyber Crime Conference in Rome about the strategies for thwarting Cybercrime. While preparing the slides I collected some material with which I prepared the following infographic dealing with the evolution of Cyber Crime.

The romantic times of phone phreaking are definitively gone and today the Cyber Crime is an organized industry with a complex ecosystem which generated in 2011, $ 388 billion in 24 countries. A value dangerously close to the value of global drug trafficking.

Scroll down the infographic and discover the HACK factor (Hacktivism, Availability, Cloud/Mobile and Know-How) which influences the rapid growth of the Cyber Crime Phenomena.

Yesterday, during the Italian Security Summit 2012, the Italian Clusit Association has unveiled the first Italian Cybercrime Report for which I acted as a contributor (in particular I compiled the section dedicated to the Italian Cyber Attacks), putting also at disposal my 2011 Cyber Attacks Timeline for the Report’s introduction.

This is a great result for our Security Community, not only because such a similar holistic work had never been compiled before in Italy, but also because it pinpoints the possible trends and scenarios for 2012 and hence provide guidelines useful to delineate security strategies for professionals and organizations.

Most of all, the Report has been enriched by data collected by the Italian Cyber Police. An unprecedented event in Italy that provides a real deep insight the Cybercrime impacts in everyday life as never done before in our country.

Said in few words, it worths a read, and even if, so far, it is in Italian, we are working for a short English Version.

In the meantime I provide you with an amusing preview. In compiling the report, Andrea Zapparoli Manzoni, a dear friend and most of all one of the report contributors, did a great job by cataloguing all the 406 international attacks that I collected in my 2011 timeline. I consequently decided to summarize the results of this huge work in the following Infographic. The result is quite impressive, isn’t it?

This last week has seen some remarkable events an undoubtable revamp of data leaks inside the Middle East Cyberwar.

Not only the infamous 0xOmar, the initiator of the Middle East Cyber War, reappeared, leaking alleged secret data from some Israeli Virtual Israeli Air Force School websites; but also the Pakistani zCompany Hacking Crew has re-entered the scene unchaining the original weapon, that is the Credit Card leak. As a matter of fact ZHC published 5,166 records containing working credit cards, usernames, emails and addresses of individual supporters of the Zionist Organisation of UK & Ireland (zionist.org.uk).

On a different front, the massive defacements of websites all over the world in support of #OpFreePalestine continued. Under the label of the same operation, the Anonymous also “doxed” several companies and individuals on pastebin.

As far as the two main contenders (Iran and Israel) are concerned, the strategies seem quite different.

Iran has shown a cyber activity culminated in the alleged attack against the BBC Persian Service. For this nation, it is also important to notice its “cyber autarky”, maybe a choice forced by the embargo, that led to the creation of an internal email service, in contrast to the traditional Gmail, Yahoo, etc. This happens few weeks after the decision to develop an internal Antivirus.

On the opposite front, Israel keeps on its apparent cyber silence. Is it the prelude for the feared military action against Iran?

If you want to be constantly updated on the Middle East Cyber War, at this link you find the complete timeline. Also follow @paulsparrows on Twitter for the latest updates!

I have just published a timeline covering the main Cyber Attacks targeting Military Industry and Aviation, but it looks like the latest events will force me to post an update, soon.

Although perpetrated with very different timelines, origins and motivations behind them, the last three days have seen a new wave of attacks against military industry that has unexpectedly become the point of intersection between cybercrime and cyberwar.

The first clamorous attack was disclosed a couple of days ago, when the Sunday Times revealed that alleged Chinese Hackers were able to penetrate into computers belonging to BAE Systems, Britain’s biggest defence company, and to steal details about the design, performance and electronic systems of the West’s latest fighter jet, the costly F-35 Joint Strike Fighter. The hacking attack has raised concerns that the fighter jet’s advanced radar capabilities could have been compromised and comes few weeks after papers about the future British-French drone were stolen in Paris.

Apparently, once again, an APT-based attack, or maybe one of its precursors, since it was first uncovered nearly three years ago. In any case, according to the sources and the little information available, it lasted continuously for 18 months, exploiting vulnerabilities in BAE’s computer defences to steal vast amounts of data. A fingerprint analogous to other similar cyber operations, allegedly generated from China such as Operation Aurora or the controversial operation Shady RAT.

Details of the attack have been a secret within Britain’s intelligence community until they were disclosed by a senior BAE executive during a private dinner in London for cyber security experts late last year.

Curiously the F-35 seems to be a very attracting prey for hackers as it was already the victim of a Cyber Attack in 2009; once again the latest attack is believed to be originated from China, who is showing a restless cyber activity.

Although completely different for impact and motivations, a second attack has just been announced by the infamous hacking collective Anonymous, which, in name of the #OpFreePalestine operation, has published the contact details for senior staff at BAE (hit once again), Lockheed, Gulfstream Aerospace, a division of General Dynamics, and the United States Division Of Israeli Owned Arms Company Elbit Systems. An attempt to embarrass military industry considered involved in the events happening in Palestine.

Although the data dumps apparently contain little valuable information (according to V3.co.uk many of the telephone numbers listed are for company headquarters, while several of the names appear to be out of date), the latest attacks represent a quantum leap in the Middle East Cyber War, after the “reign of terror” threatened by Anonymous against Israel.

The F-35 JSF is not only the most advanced stealthy fighter plane of the next future. It is also the most expensive. That’s why some partners have been compelled to downsize their initial requirements because of cuts imposed by the increasing unit price (with the new contract the total unit cost for an LRIP 5 jet is 205.3 million USD!!).

Apparently these cuts are interesting even the IT Security budgets of the manufacturers.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated) at hackmageddon.com. And follow the author of this article @pausparrows on Twitter for the latest updates.

The Italian Anonymous did it again and today have attacked for the second time in few days the vatican.va website. Actually this time their attack has apparently been deeper since the infamous collective also posted a small portion of a database claimed to have been leaked from radiovaticana.org, the website of the official Vatican Radio.

Of course the pastebin suggests that this attack has been a kind of retaliation against the information disclosed by Israeli Security Company in their detailed report, nevertheless this has been only the last DDoS attack in Italy in this troubled weekend that has seen several websites falling under the LOIC shots: Saturday the Italian Railways have been hit (three domains), and yesterday Equitalia, the company owning the concession, on behalf of the Government, to collect taxes.

This (un)expected revamp of DDoS activity in Italy comes approximately nearly a couple of months after the LOIC attacks unchained by the MegaUpload shutdown, and nearly nine months after the waves of attacks which made the Italian Summer a very hot season for Information Security.

Besides, so far the preferred targets of The Anonymous in Italy have been Government and Politician Websites, targeting the Vatican Site, looks like this time the Anonymous crossed the line.

As a matter of fact I have decided to write down in a table all the hacktivism-led attacks carried on Italy from the 2011 onwards. I have collected the information on the attacks during the gathering of the necessary material to prepare my timelines for 2011 and 2012. In reading the list, please consider that several DDoS attacks were only claimed by the attackers, so it is really difficult discriminate if they were succesful or not, nevertheless I thought it appropriate to insert them all to provide a global view.

So far, you will notice that the Hackvism in Italy has passed three main phases: the summer phase, maybe interrupted by the wave of arrests in July; the winter phase, as quoted above, immediately after the Megaupload shutdown on the wake of the anti-SOPA/PIPA/ACTA movements; and the current phase (may we define it a spring phase?) triggered by the delicate internal sociopolitical situation….

Interesting Links

About This Blog

In this blog I express my personal opinion, which does not necessarily reflects the opinion of my organization, about events and news or interest, concerning information security, winking to mobile world and, why not, to some curious personal event.

Every information is reported with its source.

Anyone intending to use the information contained in my posts is free to do so, provided my blog is mentioned in your article.